openSUSE Leap 15.4: 2023:0394-1 Important Kernel Security Advisory
opensuse
February 13, 2023
An update that solves 5 vulnerabilities, contains two features and has 41 fixes is now available.
Description
The SUSE Linux Enterprise 15 SP4 AZURE kernel was updated to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM
package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that
could have been used in a use-after-free that could have resulted in a
priviledge escalation to gain ring0 access from the system user
(bsc#1207134).
- CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header
bits (bsc#1207034).
- CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic
control subsystem (bnc#1207237).
- CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race
condition among the superblock operations inside the gadgetfs code
(bsc#1206258).
- CVE-2020-24588: Fixed injection of arbitrary network packets against
devices that support receiving non-SSP A-MSDU frames (which is mandatory
...
Read the Full Advisory
Patch
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-394=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-394=1
Package List
- openSUSE Leap 15.4 (aarch64 x86_64):
cluster-md-kmp-azure-5.14.21-150400.14.34.1
cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.34.1
dlm-kmp-azure-5.14.21-150400.14.34.1
dlm-kmp-azure-debuginfo-5.14.21-150400.14.34.1
gfs2-kmp-azure-5.14.21-150400.14.34.1
gfs2-kmp-azure-debuginfo-5.14.21-150400.14.34.1
kernel-azure-5.14.21-150400.14.34.1
kernel-azure-debuginfo-5.14.21-150400.14.34.1
kernel-azure-debugsource-5.14.21-150400.14.34.1
kernel-azure-devel-5.14.21-150400.14.34.1
kernel-azure-devel-debuginfo-5.14.21-150400.14.34.1
kernel-azure-extra-5.14.21-150400.14.34.1
kernel-azure-extra-debuginfo-5.14.21-150400.14.34.1
kernel-azure-livepatch-devel-5.14.21-150400.14.34.1
kernel-azure-optional-5.14.21-150400.14.34.1
kernel-azure-optional-debuginfo-5.14.21-150400.14.34.1
kernel-syms-azure-5.14.21-150400.14.34.1
kselftests-kmp-azure-5.14.21-150400.14.34.1
kselftests-kmp-azure-debuginfo-5.14.21-150400.14.34.1
ocfs2-kmp-azure-5.14.21-150400.14.34.1
ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.34.1
reiserfs-kmp-azure...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2020-24588.html
https://www.suse.com/security/cve/CVE-2022-4382.html
https://www.suse.com/security/cve/CVE-2022-47929.html
https://www.suse.com/security/cve/CVE-2023-0179.html
https://www.suse.com/security/cve/CVE-2023-0266.html
https://bugzilla.suse.com/1185861
https://bugzilla.suse.com/1185863
https://bugzilla.suse.com/1186449
https://bugzilla.suse.com/1191256
https://bugzilla.suse.com/1192868
https://bugzilla.suse.com/1193629
https://bugzilla.suse.com/1194869
https://bugzilla.suse.com/1195175
https://bugzilla.suse.com/1195655
https://bugzilla.suse.com/1196058
https://bugzilla.suse.com/1199701
https://bugzilla.suse.com/1204063
https://bugzilla.suse.com/1204356
https://bugzilla.suse.com/1204662
https://bugzilla.suse.com/1205495
https://bugzilla.suse.com/1206006
https://bugzilla.suse.com/1206036
https://bugzilla.suse.com/1206056
https://bugzilla.suse.com/1206057
https://bugzilla.suse.com/1206258
https://bugzilla.suse.com/1206363
https://bugzilla.suse.com/1206459
https://bugz...
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2023:0394-1
Rating: important
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Public Cloud 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
le.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!